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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 


A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)S Responsive to communication(s) filed on 15 August 2005 . 
2a)E3 This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) M Claim(s) 23-41 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) K Claim(s) 23-30.32-35 and 39-41 is/are rejected. 

7) E3 Claim(s) 31, 36-38 is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 185(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1 .121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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Paper No(s)/lv1ail Date 10032005 . 


4) 03 Interview Summary (PTO-413) 
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DETAILED ACTION 
Claim Rejections - 35 USC § 112 

1 . The following is a quotation of the first paragraph of 35 U.S. C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of carrying out his invention. 

2. Claims 24-27, 34 are rejected under 35 U.S.C. 1 12, first paragraph, as failing to comply 
with the enablement requirement. The claim(s) contains subject matter, which was not described 
in the specification in such a way as to enable one skilled in the art to which it pertains, or with 
which it is most nearly connected, to make and/or use the invention. Claims 24, 34, recites 
wherein the first communication medium is connected only to the security subsystem and to the 
master system, and not to any of the network devices. Claim 24, is not described in the 
specification. In the specification on page 5, the subsystem is connected via a secure link to a 
master system that is not otherwise connected to the target system. Claim 24 is not disclosed in 
the specification. Further, a first communication medium is not disclosed anywhere in the 
specification. Claim 25, is not enabled, what is disclosed is, if the subsystem detects an attack on 
the target network, or does not respond to the master system, the master system will take 
appropriate action, ranging from logging the incident or notifying a network manager to shut 
down the network(see pg. 5 of spec). The attack in the disclosure refers to the subsystem; Claim 
25 is not disclosed in the specification. As per claim 26, there is disclosed a second 
communication medium. In the specification, on page 7, what is disclosed is a secure link that 
may be established through an encrypted communication protocol. Claim 26, is rejected under 
112 1 st . Claim 27 is rejected under 112 1 st because it is dependent on claim 26. 
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Claim Rejections - 35 USC §102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S. C 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

4. Claims 23, 28-29, 33, 40-41 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Emigh. 

5. As per claims 23, 33, Emigh teaches a security system(i.e. netranger sensor) for a 
computer network, the network having a plurality of devices connected thereto (see lines 1-4, 28- 
30), a security subsystem connected to at least some of the devices in the network(see lines 28- 
30), the security subsystem configured to monitor activities of the at least some devices on the 
network(see lines 28-32), and detect attacks on the at least some devices(see lines 33-36); a 
master system(i.e. EBM's Network Security Operations Center(NSOC) which monitors the 
integrity of the security subsystem and registers information pertaining to attacks detected by the 
security subsystem(see lines 1-6, 37-43); and a first communication medium; inherent in Emigh, 
because Emigh teaches that if a misuse is found it can be sent in real-time to the NSOC in 
Boulder, Colorado(see lines 33-36), connected between the security subsystem and the master 
system(see lines 33-36), the master system monitoring the integrity of the security subsystem and 
receiving the information pertaining to the attacks thorough the first communication medium(see 
lines 1-6, 37-43). 
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6. As per claim 28, Emigh teaches the master system is hierarchically independent from the 
security subsystem(see lines 1-6). 

7. As per claim 29, Emigh teaches that the security subsystem is hierarchically subordinate 
to the master system(see lines 28-32). 

8. As per claims 40, Emigh inherently teaches at lest one of the devices having a security 
related functions is a firewall, because Emigh teaches that the sensor can be located on places of 
the internet or intranet connections (see lines 28-32). 

9. As per claim 41, Emigh teaches wherein at least one of the devices having security 
related functions is a network intrusion detection system(see lines 1-6). 

Claim Rejections - 35 USC § 103 

10. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

11. Claims 30, 39 are rejected under 35 U.S.C. 103(a) as being unpatentable over Emigh in 
view of Messmer. 

12. As per claims 30, 39, Emigh is silent on wherein the first communication medium is a 
secure link defined by a virtual private network tunnel; however, Messmer teaches the link it 
output in encrypted form(i.e. vpn). It would have been obvious to one of ordinary skill in the art 
at the time of the invention to include a secure link by a virtual private network tunnel of 
Messmer with Emigh, the motivation is that network activity is output in encrypted form and 
prevents hackers or intruders from viewing information(see Messmer). 
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13. Claims 32, 35 are rejected under 35 U.SC 103(a) as being unpatentable over Emigh in 
view of Kurtzberg. 

14. As per claim 32, 35, Emigh teaches a master system(see lines 5-6), security 
subsystem(see lines 1-4), detecting attacks(see lines 33-36). Emigh does not teach a pseudo- 
attack generator, which generates attacks on the network, and determining whether the integrity 
of the system has been compromised. Kurtzberg et al. discloses a pseudo-attack generator which 
generates attacks on the network, and determining whether the integrity of the system has been 
compromised(see col. 1, lines 40-67). It would have been obvious to one of ordinary skill in the 
art at the time of the invention to include a pseudo-attack generator which generates attacks on 
the network, and determining whether the integrity of the system has been compromised of 
Kurtzberg with Emigh, the motivation if that the integrity of a computer system can be tested 
reliably to improve or complement the system's performance(see col. 1, lines 65-67 of 
Kurtzberg). 

15. Claims 3 1, 36, 37-38 are objected to as being rejected on base claims. The reasons why 
the claims are allowable are because in the prior art of security, networking and non-patent 
literature, prior art fails to disclose or suggest, when the master system monitors whether the 
security subsystem responds to the master system, the master system taking action. The master 
system monitors the security subsystem in prior art and all data for network devices is 
transmitted to the master system, there is no suggestion or disclosure of this limitation. 

Response to Amendment 

16. The Applicant states that the office action does not make clear what the limitation of the 
security subsystem is, in regards to the prior art that was used to reject claims. The Examiner 
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disagrees with the Applicant. The Examiner makes it clear what the security subsystem is, in 
Emigh, it is the netranger sensor(see pg. 3 of previous rejection). The Applicant has provided art 
to argue or disprove the art that was used to reject claims. First of all, the Examiner reviewed the 
art that was supplied; however, the art that was supplied has no date. Therefore, this cannot be 
used to argue the claim limitations. The Examiner will reply to arguments that are presented in 
view of prior art that was used to reject claims. The netranger sensor of Emigh, does monitor 
devices, because Emigh teaches the netranger sensor is placed on corporate network scuh as 
Interent and Intranet connections. The Applicant states that Emigh does not teach that the 
NSOC monitors the integrity of the netranger sensor. The Examiner disagrees with the 
Applicant. Emigh teaches that from Boulder, IBM(i.e. master system) will conduct monthly 
testing of network devices like web servers for vulnerability. 

17. Second, the Applicant has requested an interview prior to formal action on this response. 
The Applicant has already requested an interview in response to the non- final office action, and 
an interview was conducted on May 12. Thus, an interview was already conducted in light of the 
office action, any subsequent interview conducted is at the discretion of the Examiner. Further, 
an interview summary sheet was provided to the Applicant and the Applicants Representatives 
after the interview was conducted. The Examiner has included another interview summary of 
the interview that was conducted on 5/12/05. 

18. As per claims 24-27, and 34, the Applicant is arguing that a secure link and a 
communication medium is the same thing. The Examiner disagrees with the Applicant. The 
Applicant is claiming a communication medium than it needs to be disclosed in the specification. 
The 1 12 rejection stands. 
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Final Action 

19. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1. 136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 


Conclusion 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Jenise E. Jackson whose telephone number is (571) 272-3791. The 
examiner can normally be reached on M-Th (6:00 a.m. - 3:30 p.m.) alternate Friday's. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Ayaz 
Sheikh can be reached on (571) 272-3795. The fax phone number for the organization where 
this application or proceeding is assigned is 703-872-9306. 


Application/Control Number: 09/770,525 


Page 8 


Art Unit: 2131 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be 
obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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